[strongSwan] Please help this assign different ippool any problem?
Yanrui Hu
yhu at appannie.com
Mon Oct 26 10:44:59 CET 2015
Guys,
I start a new thread cause this question is more specific.
To be simple, let me introduce the configuration:
In file: users
DEFAULT SQL-Group == "restricted", Pool-Name := "main_pool"
Fall-Through = Yes
DEFAULT Pool-Name := "tc_pool"
Fall-Through = Yes
In file:modules/ippool
ippool main_pool {
range-start = 172.16.10.1
range-stop = 172.16.10.254
netmask = 255.255.255.0
cache-size = 254
session-db = ${raddbdir}/db.ipmainpool
ip-index = ${raddbdir}/db.ipmainindex
override = no
maximum-timeout = 0
}
ippool tc_pool {
range-start = 172.16.11.1
range-stop = 172.16.11.254
netmask = 255.255.255.0
cache-size = 254
session-db = ${raddbdir}/db.ipsecondarypool
ip-index = ${raddbdir}/db.ipsecondaryindex
override = no
maximum-timeout = 0
}
In file: site-enabled/default
under accounting and post-auth
if (SQL-Group == "restricted") {
main_pool
}
else {
tc_pool
}
I have put some user into restricted group in db. and want these users get
different ippool, but seems when use main_pool as above, vpn client can not
connect. Is there any reason that two ippool can not exist together?
--
Best Regards,
Yanrui Hu
--
*This email may contain or reference confidential information and is
intended only for the individual to whom it is addressed. Please refrain
from distributing, disclosing or copying this email and the information
contained within unless you are the intended recipient. If you received
this email in error, please notify us at legal at appannie.com
<legal at appannie.com>** immediately and remove it from your system.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20151026/f90ab41d/attachment.html>
More information about the Users
mailing list